[2021.4] Isaca CISA exam dumps pdf and practice questions free

Pass4itsure has many years of exam experience! A group of professional Isaca exam experts! Update Isaca CISA test questions throughout the year! The most complete Isaca CISA dumps https://www.pass4itsure.com/cisa.html test questions and answers! The safest buying experience! The biggest free sharing Isaca CISA exam practice questions and answers! Our goal is to help more people pass the exam!

Isaca CISA pdf free download https://drive.google.com/file/d/1hTYa7Mk6eb2zBC_qt5yezqEAhUk2t2KU/view?usp=sharing

Latest Isaca CISA exam dumps pdf [Google Drive]

[Latest PDF] Isaca CISA dumps pdf https://drive.google.com/file/d/1hTYa7Mk6eb2zBC_qt5yezqEAhUk2t2KU/view?usp=sharing

Isaca CISA practice test questions 1-13 free

A retailer normally uses a scanner to read product labels and input product codes and prices. The unit is not functioning
and staff is keying information manually. With respect to the accuracy of the input, it is likely that:
A. audit risk has increased.
B. control risk has increased.
C. inherent risk has decreased.
D. detection risk has decreased.
Correct Answer: A

Assessments of critical information systems are based on a cyclical audit plan that has not been updated for several
years. Which of the following should the IS auditor recommend to BEST address this situation?
A. Use a revolving set of audit plans to cover all systems
B. Update the audit plan quarterly to account for delays and deferrals of periodic reviews
C. Regularly validate the audit plan against business risks
D. Do not include periodic reviews in detail as part of the audit plan
Correct Answer: C

Which of the following should be an information security manager\\’s PRIMARY role when an organization initiates a
data classification process?
A. Assign the asset classification level.
B. Define the classification structure to be implemented.
C. Verify that assets have been appropriately classified.
D. Apply security in accordance with specific classification.
Correct Answer: B

Which of the following systems-based approaches would a financial processing company employ to monitor spending
patterns to identify abnormal patterns and report them?
A. A neural network
B. Database management software
C. Management information systems
D. Computer assisted audit techniques
Correct Answer: A
A neural network will monitor and learn patterns, reporting exceptions for investigation.

The implementation of access controls FIRST requires:
A. a classification of IS resources.
B. the labeling of IS resources.
C. the creation of an access control list.
D. an inventory of IS resources.
Correct Answer: D

After a full operational contingency test, an IS auditor performs a review of the recovery steps. The auditor concludes
that the time it took for the technological environment and systems to return to full-functioning exceeded the required
critical recovery time. Which of the following should the auditor recommend?
A. Perform an integral review of the recovery tasks.
B. Broaden the processing capacity to gain recovery time.
C. Make improvements in the facility\\’s circulation structure.
D. increase the number of human resources involved in the recovery.
Correct Answer: A
Performing an exhaustive review of the recovery tasks would be appropriate to identify the way these tasks were
performed, identify the time allocated to each of the steps required to accomplish recovery, and determine where
adjustments can be made. Choices B, C, and D could be actioned after the described review has been completed.

Allowing application programmers to directly patch or change code in production programs increases risk of fraud. True
or false?
A. True
B. False
Correct Answer: A
Allowing application programmers to directly patch or change code in production programs increases the risk of fraud.

A review of an organization\\’s IT portfolio revealed several applications that are not in use. The BEST way to prevent
this situation from recurring would be to implement:
A. a formal request for proposal (RFP) process
B. an information asset acquisition policy
C. asset life cycle management
D. business case development procedures
Correct Answer: C

An IS auditor reviewing the risk assessment process of an organization should FIRST:
A. identify the reasonable threats to the information assets.
B. analyze the technical and organizational vulnerabilities.
C. identify and rank the information assets.
D. evaluate the effect of a potential security breach.
Correct Answer: C
Identification and ranking of information assets-e.g., data criticality, locations of assets-will set the tone or scope of how
to assess risk in relation to the organizational value of the asset. Second, the threats facing each of the organization\\’s
assets should be analyzed according to their value to the organization. Third, weaknesses should be identified so that
controls can be evaluated to determine if they mitigate the weaknesses. Fourth, analyze how these weaknesses, in
absence of given controls, would impact the organization’s information assets.

By evaluating application development projects against the capability maturity model (CMM), an IS auditor should be
able to verify that:
A. reliable products are guaranteed.
B. programmers\\’ efficiency is improved.
C. security requirements are designed.
D. predictable software processes are followed.
Correct Answer: D
By evaluating the organization\\’s development projects against the CMM, an IS auditor determines whether the
development organization follows a stable, predictable software process. Although the likelihood of success should
increase as the software processes mature toward the optimizing level, mature processes do not guarantee a reliable
product. CMM does not evaluate technical processes such as programming nor does it evaluate security requirements
or other application controls.

A small startup organization does not have the resources to implement segregation of duties. Which of the following
would be the MOST effective compensating control?
A. Rotation of log monitoring and analysis responsibilities
B. Additional management reviews and reconciliations
C. Third-party assessments
D. Mandatory vacations
Correct Answer: D
Reference: https://www.computerweekly.com/tip/Segregation-of-duties-Small-business-best-practices

What is the purpose of a hypervisor?
A. Monitoring the performance of virtual machines
B. Cloning virtual machines
C. Deploying settings to multiple machines simultaneously
D. Running the virtual machine environment
Correct Answer: D

When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the
technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in
another country. Based on this information, which of the following conclusions should be the main concern of the IS
A. There could be a question regarding the legal jurisdiction.
B. Having a provider abroad will cause excessive costs in future audits.
C. The auditing process will be difficult because of the distance.
D. There could be different auditing norms.
Correct Answer: A
In the fund’s transfer process, when the processing scheme is centralized in a different country, there could be legal
issues of jurisdiction that might affect the right to perform a review in the other country. The other choices, though
possible, are not as relevant as the issue of legal jurisdiction.


Free real Isaca CISA exam preparation materials, Isaca CISA practice exam + Isaca CISA pdf dumps. Use them correctly and you will not fail. Get the full Isaca CISA dumps https://www.pass4itsure.com/cisa.html ( Q&As: 3184).

Free Isaca CISA dumps pdf download online!